  • only in /netgear-WNDR4500v2-V1.0.0.60_1.0.38/ap/gpl/openssl/crypto/x509/

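Lines matching refs:ctx (non-contiguous excerpts: each line below starts with its line number in the source file, and lines that do not reference `ctx` are omitted)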

74 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
75 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
76 static int check_chain_extensions(X509_STORE_CTX *ctx);
77 static int check_trust(X509_STORE_CTX *ctx);
78 static int check_revocation(X509_STORE_CTX *ctx);
79 static int check_cert(X509_STORE_CTX *ctx);
80 static int internal_verify(X509_STORE_CTX *ctx);
96 int X509_verify_cert(X509_STORE_CTX *ctx)
105 if (ctx->cert == NULL)
111 cb=ctx->verify_cb;
115 if (ctx->chain == NULL)
117 if ( ((ctx->chain=sk_X509_new_null()) == NULL) ||
118 (!sk_X509_push(ctx->chain,ctx->cert)))
123 CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509);
124 ctx->last_untrusted=1;
128 if (ctx->untrusted != NULL
129 && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL)
135 num=sk_X509_num(ctx->chain);
136 x=sk_X509_value(ctx->chain,num-1);
137 depth=ctx->depth;
151 if (ctx->check_issued(ctx, x,x)) break;
154 if (ctx->untrusted != NULL)
156 xtmp=find_issuer(ctx, sktmp,x);
159 if (!sk_X509_push(ctx->chain,xtmp))
166 ctx->last_untrusted++;
185 i=sk_X509_num(ctx->chain);
186 x=sk_X509_value(ctx->chain,i-1);
188 if (ctx->check_issued(ctx, x, x))
191 if (sk_X509_num(ctx->chain) == 1)
197 ok = ctx->get_issuer(&xtmp, ctx, x);
200 ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
201 ctx->current_cert=x;
202 ctx->error_depth=i-1;
204 ok=cb(0,ctx);
214 sk_X509_set(ctx->chain, i - 1, x);
215 ctx->last_untrusted=0;
221 chain_ss=sk_X509_pop(ctx->chain);
222 ctx->last_untrusted--;
224 x=sk_X509_value(ctx->chain,num-1);
236 if (ctx->check_issued(ctx,x,x)) break;
238 ok = ctx->get_issuer(&xtmp, ctx, x);
244 if (!sk_X509_push(ctx->chain,x))
257 if (!ctx->check_issued(ctx,x,x))
259 if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss))
261 if (ctx->last_untrusted >= num)
262 ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
264 ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
265 ctx->current_cert=x;
270 sk_X509_push(ctx->chain,chain_ss);
272 ctx->last_untrusted=num;
273 ctx->current_cert=chain_ss;
274 ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
278 ctx->error_depth=num-1;
279 ok=cb(0,ctx);
284 ok = check_chain_extensions(ctx);
290 if (ctx->trust > 0) ok = check_trust(ctx);
295 X509_get_pubkey_parameters(NULL,ctx->chain);
301 ok = ctx->check_revocation(ctx);
305 if (ctx->verify != NULL)
306 ok=ctx->verify(ctx);
308 ok=internal_verify(ctx);
312 X509_get_pubkey_parameters(NULL,ctx->chain);
323 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
330 if (ctx->check_issued(ctx, x, issuer))
338 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
344 /* If we haven't asked for issuer errors don't set ctx */
345 if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK))
348 ctx->error = ret;
349 ctx->current_cert = x;
350 ctx->current_issuer = issuer;
351 return ctx->verify_cb(0, ctx);
357 static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
359 *issuer = find_issuer(ctx, ctx->other_ctx, x);
374 static int check_chain_extensions(X509_STORE_CTX *ctx)
382 cb=ctx->verify_cb;
394 for (i = 0; i < ctx->last_untrusted; i++)
397 x = sk_X509_value(ctx->chain, i);
398 if (!(ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
401 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
402 ctx->error_depth = i;
403 ctx->current_cert = x;
404 ok=cb(0,ctx);
411 if ((ctx->flags & X509_V_FLAG_X509_STRICT)
415 ctx->error = X509_V_ERR_INVALID_CA;
424 ctx->error = X509_V_ERR_INVALID_NON_CA;
431 || ((ctx->flags & X509_V_FLAG_X509_STRICT)
435 ctx->error = X509_V_ERR_INVALID_CA;
443 ctx->error_depth = i;
444 ctx->current_cert = x;
445 ok=cb(0,ctx);
448 if (ctx->purpose > 0)
450 ret = X509_check_purpose(x, ctx->purpose,
453 || ((ctx->flags & X509_V_FLAG_X509_STRICT)
456 ctx->error = X509_V_ERR_INVALID_PURPOSE;
457 ctx->error_depth = i;
458 ctx->current_cert = x;
459 ok=cb(0,ctx);
467 ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
468 ctx->error_depth = i;
469 ctx->current_cert = x;
470 ok=cb(0,ctx);
482 static int check_trust(X509_STORE_CTX *ctx)
490 cb=ctx->verify_cb;
492 i = sk_X509_num(ctx->chain) - 1;
493 x = sk_X509_value(ctx->chain, i);
494 ok = X509_check_trust(x, ctx->trust, 0);
497 ctx->error_depth = i;
498 ctx->current_cert = x;
500 ctx->error = X509_V_ERR_CERT_REJECTED;
502 ctx->error = X509_V_ERR_CERT_UNTRUSTED;
503 ok = cb(0, ctx);
508 static int check_revocation(X509_STORE_CTX *ctx)
511 if (!(ctx->flags & X509_V_FLAG_CRL_CHECK))
513 if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL)
514 last = sk_X509_num(ctx->chain) - 1;
519 ctx->error_depth = i;
520 ok = check_cert(ctx);
526 static int check_cert(X509_STORE_CTX *ctx)
531 cnum = ctx->error_depth;
532 x = sk_X509_value(ctx->chain, cnum);
533 ctx->current_cert = x;
535 ok = ctx->get_crl(ctx, &crl, x);
541 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
542 ok = ctx->verify_cb(0, ctx);
545 ctx->current_crl = crl;
546 ok = ctx->check_crl(ctx, crl);
548 ok = ctx->cert_crl(ctx, crl, x);
550 ctx->current_crl = NULL;
560 static int get_crl(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x)
564 ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, X509_get_issuer_name(x), &xobj);
571 static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
577 cnum = ctx->error_depth;
578 chnum = sk_X509_num(ctx->chain) - 1;
583 issuer = sk_X509_value(ctx->chain, cnum + 1);
586 issuer = sk_X509_value(ctx->chain, chnum);
588 if(!ctx->check_issued(ctx, issuer, issuer))
590 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
591 ok = ctx->verify_cb(0, ctx);
602 ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
603 ok = ctx->verify_cb(0, ctx);
612 ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
613 ok = ctx->verify_cb(0, ctx);
621 ctx->error=X509_V_ERR_CRL_SIGNATURE_FAILURE;
622 ok = ctx->verify_cb(0, ctx);
629 if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME)
630 ptime = &ctx->check_time;
637 ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
638 ok = ctx->verify_cb(0, ctx);
644 ctx->error=X509_V_ERR_CRL_NOT_YET_VALID;
645 ok = ctx->verify_cb(0, ctx);
655 ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
656 ok = ctx->verify_cb(0, ctx);
662 ctx->error=X509_V_ERR_CRL_HAS_EXPIRED;
663 ok = ctx->verify_cb(0, ctx);
676 static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
699 ctx->error = X509_V_ERR_CERT_REVOKED;
700 ok = ctx->verify_cb(0, ctx);
704 if (ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
721 ctx->error =
723 ok = ctx->verify_cb(0, ctx);
731 static int internal_verify(X509_STORE_CTX *ctx)
739 cb=ctx->verify_cb;
741 n=sk_X509_num(ctx->chain);
742 ctx->error_depth=n-1;
744 xi=sk_X509_value(ctx->chain,n);
745 if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME)
746 ptime = &ctx->check_time;
749 if (ctx->check_issued(ctx, xi, xi))
755 ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
756 ctx->current_cert=xi;
757 ok=cb(0,ctx);
763 ctx->error_depth=n;
764 xs=sk_X509_value(ctx->chain,n);
768 /* ctx->error=0; not needed */
771 ctx->error_depth=n;
776 ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
777 ctx->current_cert=xi;
778 ok=(*cb)(0,ctx);
790 ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
791 ctx->current_cert=xs;
792 ok=(*cb)(0,ctx);
805 ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
806 ctx->current_cert=xs;
807 ok=(*cb)(0,ctx);
812 ctx->error=X509_V_ERR_CERT_NOT_YET_VALID;
813 ctx->current_cert=xs;
814 ok=(*cb)(0,ctx);
823 ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
824 ctx->current_cert=xs;
825 ok=(*cb)(0,ctx);
831 ctx->error=X509_V_ERR_CERT_HAS_EXPIRED;
832 ctx->current_cert=xs;
833 ok=(*cb)(0,ctx);
838 ctx->current_cert=xs;
839 ok=(*cb)(1,ctx);
846 xs=sk_X509_value(ctx->chain,n);
1008 int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
1010 return CRYPTO_set_ex_data(&ctx->ex_data,idx,data);
1013 void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
1015 return CRYPTO_get_ex_data(&ctx->ex_data,idx);
1018 int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
1020 return ctx->error;
1023 void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
1025 ctx->error=err;
1028 int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
1030 return ctx->error_depth;
1033 X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
1035 return ctx->current_cert;
1038 STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
1040 return ctx->chain;
1043 STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
1048 if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
1057 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
1059 ctx->cert=x;
1062 void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
1064 ctx->untrusted=sk;
1067 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
1069 return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
1072 int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
1074 return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
1080 * the ctx. If they aren't set then we will usually have a default
1087 int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
1130 if (purpose && !ctx->purpose) ctx->purpose = purpose;
1131 if (trust && !ctx->trust) ctx->trust = trust;
1137 X509_STORE_CTX *ctx;
1138 ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
1139 if (!ctx)
1144 memset(ctx, 0, sizeof(X509_STORE_CTX));
1145 return ctx;
1148 void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
1150 X509_STORE_CTX_cleanup(ctx);
1151 OPENSSL_free(ctx);
1154 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
1157 ctx->ctx=store;
1158 ctx->current_method=0;
1159 ctx->cert=x509;
1160 ctx->untrusted=chain;
1161 ctx->last_untrusted=0;
1162 ctx->check_time=0;
1163 ctx->other_ctx=NULL;
1164 ctx->valid=0;
1165 ctx->chain=NULL;
1166 ctx->depth=9;
1167 ctx->error=0;
1168 ctx->error_depth=0;
1169 ctx->current_cert=NULL;
1170 ctx->current_issuer=NULL;
1179 ctx->purpose=store->purpose;
1180 ctx->trust=store->trust;
1181 ctx->flags = store->flags;
1182 ctx->cleanup = store->cleanup;
1186 ctx->purpose = 0;
1187 ctx->trust = 0;
1188 ctx->flags = 0;
1189 ctx->cleanup = 0;
1193 ctx->check_issued = store->check_issued;
1195 ctx->check_issued = check_issued;
1198 ctx->get_issuer = store->get_issuer;
1200 ctx->get_issuer = X509_STORE_CTX_get1_issuer;
1203 ctx->verify_cb = store->verify_cb;
1205 ctx->verify_cb = null_callback;
1208 ctx->verify = store->verify;
1210 ctx->verify = internal_verify;
1213 ctx->check_revocation = store->check_revocation;
1215 ctx->check_revocation = check_revocation;
1218 ctx->get_crl = store->get_crl;
1220 ctx->get_crl = get_crl;
1223 ctx->check_crl = store->check_crl;
1225 ctx->check_crl = check_crl;
1228 ctx->cert_crl = store->cert_crl;
1230 ctx->cert_crl = cert_crl;
1236 /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */
1237 if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
1238 &(ctx->ex_data)))
1240 OPENSSL_free(ctx);
1251 void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
1253 ctx->other_ctx = sk;
1254 ctx->get_issuer = get_issuer_sk;
1257 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
1259 if (ctx->cleanup) ctx->cleanup(ctx);
1260 if (ctx->chain != NULL)
1262 sk_X509_pop_free(ctx->chain,X509_free);
1263 ctx->chain=NULL;
1265 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
1266 memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
1269 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags)
1271 ctx->flags |= flags;
1274 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t)
1276 ctx->check_time = t;
1277 ctx->flags |= X509_V_FLAG_USE_CHECK_TIME;
1280 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
1283 ctx->verify_cb=verify_cb;